Vulnerabilities > CVE-2021-25002 - Unspecified vulnerability in Tipsacarrier Project Tipsacarrier 1.4.4.2

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
tipsacarrier-project

Summary

The Tipsacarrier WordPress plugin before 1.5.0.5 does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client full address, name and phone via tracking URL

Vulnerable Configurations

Part Description Count
Application
Tipsacarrier_Project
1